php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #73455 Crash Blenc with Fuzzer
Submitted: 2016-11-03 18:52 UTC Modified: 2017-01-10 08:32 UTC
From: tasliogluoonur at gmail dot com Assigned:
Status: Suspended Package: BLENC (PECL)
PHP Version: 5.6.27 OS: x86_64 GNU/Linux
Private report: No CVE-ID: None
 [2016-11-03 18:52 UTC] tasliogluoonur at gmail dot com
Description:
------------
Blenc Library

Test script:
---------------
<?php if(extension_loaded("blenc")){

$source_code = file_get_contents($argv[1]);

/* create the encrypted version */
$redistributable_key = blenc_encrypt($source_code, "my_source_encoded.php");

/* read which is the key_file */
$key_file = ini_get('blenc.key_file');

/* save the redistributable key */
file_put_contents($key_file, $redistributable_key, FILE_APPEND);
} ?>

Expected result:
----------------
(gdb) info reg
rax            0xebc0e8	15450344
rbx            0x7ffff7fd61c0	140737353966016
rcx            0xffffffffffffffff	-1
rdx            0x6eca78	7260792
rsi            0x7ffff7fd68b8	140737353967800
rdi            0x95d4455dcee6af8f	-7650413597790130289
rbp            0x95d4455dcee6af8f	0x95d4455dcee6af8f
rsp            0x7fffffffad60	0x7fffffffad60
r8             0x1	1
r9             0xebde70	15457904
r10            0x0	0
r11            0x246	582
r12            0x7ffff7fd61e8	140737353966056
r13            0x0	0
r14            0xebc480	15451264
r15            0x0	0
rip            0x6fb557	0x6fb557 <zend_hash_destroy+7>
eflags         0x10282	[ SF IF RF ]
cs             0x33	51
ss             0x2b	43
ds             0x0	0
es             0x0	0
fs             0x0	0
gs             0x0	0


Actual result:
--------------
Program received signal SIGSEGV, Segmentation fault.
0x00000000006fb557 in zend_hash_destroy ()
(gdb) bt
#0  0x00000000006fb557 in zend_hash_destroy ()
#1  0x00000000006eca9b in _zval_dtor_func ()
#2  0x00000000006e31ed in destroy_op_array ()
#3  0x00000000006ef456 in zend_execute_scripts ()
#4  0x000000000068fc05 in php_execute_script ()
#5  0x000000000079f18e in ?? ()
#6  0x0000000000461df0 in main ()

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-01-10 08:32 UTC] kalle@php.net
-Status: Open +Status: Suspended
 [2017-01-10 08:32 UTC] kalle@php.net
I'm suspending the reports for BLENC as it doesn't seem to have stalled (looking at both repositories I could find on git.php.net and github) and it does not seem compatible with any currently supported version of PHP either. Please unsuspend in case someone takes over this extension
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 22 06:01:30 2024 UTC